[c1] A network system providing integration, comprising:
a client computer;
a server;
a server-side cryptographic function providing cryptographic services located on the server;
a PKI-Bridge providing an interface between the server and the server-side cryptographic function;
a remote access switch providing an interface between the client computer and the server;
a client-side cryptographic function providing cryptographic services located on the client computer;
a dial-up client providing dialing services to access the remote access switch; and
a custom script dynamically linked library providing an interface between the dial-up client and the client-side cryptographic function.

Claim 2

[c2] (Amended) The network system of claim 1, further comprising:
a security device holding authentication information; and
a security device [card] reader attached to the client computer for reading the security device.


Claims 3-13 
[c3] The network system of claim 2, wherein a certificate is stored on the security device.

[c4] The network system of claim 2, wherein the security device is a smart card.

[c5] The network system of claim 1, further comprising:
a directory service accessed by the server-side cryptographic function.

[c6] The network system of claim 5, wherein the directory service is lightweight directory access protocol compliant.

[c7] The network system of claim 1, wherein the client-side cryptographic function and the server-side cryptographic function employ the same cryptographic scheme.

[c8] The network system of claim 1, wherein the server-side cryptographic function uses a random number generator to generate a challenge string.

[c9] The network system of claim 1, wherein the client-side cryptographic function uses a random number generator to generate a response string.

[c10] The network system of claim 1, wherein the client-side cryptographic function generates a signed response string.

[c11] The network system of claim 1, wherein the server-side cryptographic function generates a challenge string.

[c12] The network system of claim 1, wherein the server-side cryptographic function verifies the signed response string.

[c13] The network system of claim 1, wherein the dial-up client operates in terminal mode.
Claim 14

[c14] (Amended) A network system providing integration, comprising:
a client computer;
a server;
a server-side cryptographic function providing cryptographic services located on the server;
a PKI-Bridge providing an interface between the server and the server-side cryptographic function;
a remote access switch providing an interface between the client computer and the server;
a client-side cryptographic function providing cryptographic services located on the client computer;
a dial-up client providing dialing services to access the remote access switch;
a custom script dynamically linked library providing an interface between the dial-up client and the client-side cryptographic function;
a security device holding authentication information;
a security device [card] reader attached to the client computer for reading the security device; and
a directory service accessed by the server-side cryptographic function.


Claim 15 
[c15] A client computer comprising:
a dial-up client providing dialing services to the client computer;
a client-side cryptographic function providing cryptographic services located on the client computer; and
a custom script dynamically linked library providing an interface between the dial-up client and the client-side cryptographic function.

Claim 16 

[c16] (Amended) The client computer of claim 15, further comprising:
a security device [card] reader attached to the client computer for reading a security device.

Claim 17 

[c17] The client computer of claim 15, wherein a security device is a smart card.

Claim 18

[c18] (Amended) The client computer of claim 15, wherein the custom script dynamically linked library [dial-up client] comprises a SDLogin component and a SDSetupDial component.

Claim 19 

[c19] The client computer of claim 15, wherein the dial-up client automates the authentication process using a hidden terminal operating in terminal mode.

Claim 20 
[c20] (Amended) A client computer comprising:
a dial-up client providing dialing services to the client computer;
a client-side cryptographic function providing cryptographic services located on the client computer;
a custom script dynamically linked library providing an interface between the dial-up client and the client-side cryptographic function; and
a security device [card] reader attached to the client computer for reading a security device.

Claim 21-23 

[c21] A server comprising:
a server-side cryptographic function providing cryptographic services located on the server; and
a PKI-Bridge providing an interface between the server and the server-side cryptographic function.

[c22] The server of claim 21, further comprising:
a directory service accessed by the server-side cryptographic function.

[c23] A server comprising:
a server-side cryptographic function providing cryptographic services located on the server;
a PKI-Bridge providing an interface between the server and the server-side cryptographic function; and
a directory service accessed by the server-side cryptographic function.

Claim 24-25 
[c24] (Amended) A method of integrating via a dial-up interface, comprising:
sending session initiation information from a dial-up client to a PKI-Bridge;
checking session initiation information by the PKI-Bridge;
generating a challenge string by a server-side cryptographic function;
forwarding the challenge string to a custom script dynamically linked library;
forwarding the challenge string to a client-side cryptographic function from the custom script dynamically linked library;
utilizing [retrieving] a private key from a security device;
generating a response string;
signing the response string with the private key of a dial-in user;
forwarding a signed response string to the custom script dynamically linked library;
dividing the signed response string into packets;
forwarding packets to the PKI-Bridge;
reconstructing the signed response string from packets;
forwarding a reconstructed signed response string to the server-side cryptographic function;
obtaining a public key of the dial-in user; and
verifying the reconstructed signed response string using the server-side cryptographic function.

[c25] (Amended) The method of claim 24, further comprising:
reading the security device by a security device [card] reader.


Claim 26-33 
[c26] The method of claim 24, further comprising:
encoding the signed response string.

[c27] The method of claim 24, further comprising:
decoding the signed response string.

[c28] The method of claim 24, further comprising:
forwarding the challenge string to the dial-up client; and
forwarding the challenge string to the PKI-Bridge.

[c29] The method of claim 24, further comprising:
forwarding packets from the custom script dynamically linked library.

[c30] The method of claim 24, wherein the security device is a smart card.

[c31] The method of claim 24, wherein the session initiation information comprises version information and a distinguished name.

[c32] The method of claim 24, wherein the public key is stored on a directory service.

[c33] The method of claim 32, wherein the directory service is lightweight directory access protocol compliant.

Claim 34-35 
sending session initiation information from a dial-up client to a PKI-Bridge;
generating a challenge string by server-side cryptographic function;
forwarding the challenge string to a custom script dynamically linked library;
forwarding the challenge string to a client-side cryptographic function from the custom script dynamically linked library;
utilizing [retrieving] a private key from a security device;
generating a response string;
signing the response string with the private key of a dial-in user;
forwarding a signed response string to the custom script dynamically linked library;
dividing the response string into packets;
forwarding packets to the PKI-Bridge;
reconstructing the signed response string from packets;
forwarding a reconstructed signed response string to the server-side cryptographic
obtaining a public key of the dial-in user;
verifying the reconstructed signed response string using the server-side cryptographic function;
reading the security device by a [card] reader;
encoding the signed response string;
decoding the signed response string;
forwarding the challenge string to the dial-up client;
forwarding the challenge string to the PKI-Bridge; and
forwarding packets from the custom script dynamically linked library.
[c35] (Amended) An apparatus of integrating via a dial-up interface, comprising:
means for sending session initiation information from a dial-up client to a PKI-Bridge;
means for checking session initiation information by the PKI-Bridge;
means for generating a challenge string by a server-side cryptographic function;
means for forwarding the challenge string to a custom script dynamically linked library;
means for forwarding the challenge string to a client-side cryptographic function from the custom script dynamically linked library;
means for utilizing [retrieving] a private key from a security device;
means for generating a response string;
means for signing the response string with the private key of a dial-in user;
means for forwarding a signed response string to the custom script dynamically linked library;
means for dividing the signed response string into packets;
means for forwarding packets to the PKI-Bridge;
means for reconstructing the signed response string from packets;
means for forwarding a reconstructed signed response string to the server-side cryptographic function;
means for obtaining a public key of the dial-in user; and
means for verifying the reconstructed signed response string using the server-side cryptographic function.
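
Added example, not part of the claims or of any implementation by the applicant: a Python sketch of the challenge, signed response, packetization, reconstruction and verification sequence recited in claims 24 and 35. The toy RSA key, the base64 encoding, the `seq/total:` packet header and the response layout (challenge plus client nonce) are assumptions made for illustration; the claims do not specify them.

```python
import base64, hashlib, secrets

# Constructed toy RSA key (two Mersenne primes) standing in for the key pair on the
# security device. Textbook RSA without padding: illustration only, not for real use.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent (stays on the "smart card")

def _digest(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def make_challenge():                     # server-side cryptographic function
    return secrets.token_hex(16).encode()

def sign_response(challenge):             # client-side cryptographic function
    # Assumed layout: response = challenge | client nonce, then "." and the hex signature.
    response = challenge + b"|" + secrets.token_hex(16).encode()
    sig = pow(_digest(response), D, N)
    return base64.b64encode(b"%s.%x" % (response, sig))   # encoded for terminal mode

def to_packets(blob, size=32):            # custom script DLL: divide into packets
    chunks = [blob[i:i + size] for i in range(0, len(blob), size)]
    return [b"%d/%d:%s" % (i, len(chunks), c) for i, c in enumerate(chunks)]

def reassemble(packets):                  # PKI-Bridge: reconstruct, any arrival order
    parts, total = {}, None
    for pkt in packets:
        head, _, body = pkt.partition(b":")
        seq, _, count = head.partition(b"/")
        seq, count = int(seq), int(count)
        if total not in (None, count) or seq in parts or not 0 <= seq < count:
            raise ValueError("inconsistent or duplicate packet")
        total, parts[seq] = count, body
    if total is None or len(parts) != total:
        raise ValueError("missing packet")
    return b"".join(parts[i] for i in range(total))

def verify(blob, challenge):              # server-side cryptographic function
    try:
        response, _, sig_hex = base64.b64decode(blob, validate=True).partition(b".")
        sig = int(sig_hex, 16)
    except ValueError:
        return False
    fresh = response.split(b"|")[0] == challenge   # must echo the challenge we issued
    return fresh and 0 <= sig < N and pow(sig, E, N) == _digest(response)
```

Binding the response to the issued challenge is what makes a captured signed response useless in a later session; a signature over a client-chosen string alone would verify on replay.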


